We recently wrote about RIANZ withdrawing one of the first cases to go to the Copyright Tribunal. We made some reference to RIANZ's claims and their attempts to rewrite the law and regulations to justify a claim based on the number of times the works might have been downloaded.

I notice that they charge for 90 downloads. Based on this paragraph: (37 b) The Envisional study also showed 20 that. if the downloads from a BitTorrent swarm were taken into account (i.e. as a result from uploading the 17 albums) each album was downloaded an average of 130 times per day. Taking a baseline figure of 90 downloads (for each infringing uploaded) is therefore reasonable and much less than this daily figure;

This is an interesting approach – one that would be symilar to the NZ police detecting a single speeding or parking offence and then charging the motorist for a number of offences based on speeding and parking statistics without actually providing any proof of multiple detected offences.

No actual proof of any downloads from the upload is provided – nor any proof that the downloads were by individuals (as opposed to bots or copyright infringement detection software) that were not legally entitled to file.

It also nowhere states whether a DMCA takedown notice procedure was followed with BitTorrent which would reduce the plaintiffs “loss” and a Counter-Notice (or lack of it) would establish the validity of the file and identity of the uploader. BitTorrent is as much the service provider as the ISP.

Misreporting by trackers: The most straightforward way to falsely implicate an IP address in infringement is for the coordinating tracker to simply return that IP address as a peer regardless of participation. Since the torrent metadata files that specify trackers are user-generated, a malicious user can frame arbitrary IPs simply by naming his own misreporting tracker during the creation of the torrent and then uploading that torrent to one of the many public aggregation websites that we (and enforcement agencies, presumably) crawl. From the perspective of users downloading the file, such a malicious tracker would seem no different than any other.

Mistimed reports: A tracker need not be malicious to falsely implicate users. Consider the following scenario. A participates in an infringing BitTorrent swarm from a laptop via WiFi with an IP address assigned via DHCP, e.g., at a university or cafe. A then closes his laptop to leave, suspending his BitTorrent client without an orderly notification to the tracker that he has left. Some time later, B joins the same WiFi network and, due to the DHCP timeout of A IP, B receives A’s former address. This can also apply to the DHCP provided by ISP’s by the connection and reconnection of a router.

Man-in-the-middle: Because BitTorrent tracker responses are not encrypted, man-in-the-middle attacks at the network level are straightforward. Anyone on the path between tracker and a monitoring agent can alter the tracker’s response, implicating arbitrary IPs.

Malware and open access points: There are other ways in which innocent users may be implicated for copyright infringement. For example, their computer might be running malware that downloads or hosts copyrighted content, or their home network might have an open wireless access point that someone else uses to share copyrighted content.

The challenge process is not fair either. There are only 14 days to issue a challenge. Since there is no prescribed way to notify the account holder it could take 7- 10 days in the post. However – if a challenge is issued the copyright holder has double that time 28 days to reject the challenge.